Cryptology ePrint Archive: Report 2007/078

Abstract: Secure function evaluation (SFE) allows a set of players to compute
an arbitrary agreed function of their private inputs, even if an
adversary may corrupt some of the players. Secure multi-party
computation (MPC) is a generalization allowing to perform an
arbitrary on-going (also called reactive or stateful) computation
during which players can receive outputs and provide new inputs at
intermediate stages.
At Crypto~2006, Ishai \emph{et al.} considered mixed threshold
adversaries that either passively corrupt some fixed number of players,
or, alternatively, actively corrupt some (smaller) fixed number of
players, and showed that for certain thresholds, cryptographic SFE is
possible, whereas cryptographic MPC is not.
However, this separation does not occur when one considers
\emph{perfect} security. Actually, past work suggests that no such
separation exists, as all known general protocols for perfectly secure SFE
can also be used for MPC. Also, such a separation does not show up with
\emph{general adversaries}, characterized by a collection of corruptible
subsets of the players, when considering passive and active corruption.

In this paper, we study the most general corruption model where the
adversary is characterized by a collection of adversary classes, each
specifying the subset of players that can be actively, passively, or
fail-corrupted, respectively, and show that in this model, perfectly
secure MPC separates from perfectly secure SFE. Furthermore, we derive
the exact conditions on the adversary structure for the existence of
perfectly secure SFE resp.~MPC, and provide efficient protocols for both
cases.